Here Come the Script Kiddies

About This Episode

AutoSploit has the security industry in a panic, so we give it a go. To our surprise we discover systems at the DOD, Amazon, and other places vulnerable to this automated attack. We’ll tell you all about it, and what these 400 lines of Python known as AutoSploit really do.

Plus injecting arbitrary waveforms into Alexa and Google Assistant commands, making WordPress bulletproof, and how to detect and prevent excessive port scan attacks.

Episode Links

Audio Adversarial Examples — We have constructed targeted audio adversarial examples on speech-to-text transcription neural networks: given an arbitrary waveform, we can make a small perturbation that when added to the original waveform causes it to transcribe as any phrase we choose.

Qubes Air: Generalizing the Qubes Architecture | Qubes OS — Qubes Air is the next step on our roadmap to making the concept of “Security through Compartmentalization” applicable to more scenarios. It is also an attempt to address some of the biggest problems and weaknesses plaguing the current implementation of Qubes, specifically the difficulty of deployment and virtualization as a single point of failure. While Qubes-as-a-Service is one natural application that could be built on top of Qubes Air, it is certainly not the only one. We have also discussed running Qubes over clusters of physically isolated devices, as well as various hybrid scenarios. I believe the approach to security that Qubes has been implementing for years will continue to be valid for years to come, even in a world of apps-as-a-service.

How To Use psad to Detect Network Intrusion Attempts — The key to using psad effectively is to configure danger levels and email alerts appropriately, and then follow up on any problems. This tool, coupled with other intrusion detection resources like tripwire can provide fairly good coverage to be able to detect intrusion attempts.